Force all client generated traffic through the tunnel



  • I am currently switching an office from PPTP to OpenVPN. This is the common scenario of the office network being 192.168.1.0 and the home network being 192.168.1.0. When configuring the OpenVPN server, I enable the "Force all client generated traffic through the tunnel" option. I then use the OpenVPN Client Export utility to create an installer.

    At the client end, when I connect to the VPN and try to RDP to his machine at the office, it doesn't work. I can ping it though. So I look at the ARP cache and see that the device that is responding to the pings is actually an Apple TV on the client network, not his machine across the VPN.

    I am still fairly new to OpenVPN, but shouldn't the "Force all client generated traffic through the tunnel" option tell the client to use the gateway on the VPN network for all traffic? This functionality worked great with the PPTP setup (Use default gateway on remote network).

    The user on the client machine is an administrator and I have tried creating the OpenVPN client with and without the "Management Interface OpenVPNManager" option, no difference. What am I missing?



  • A couple potential solutions.

    1. Use different networks for the local and VPN.  e.g. local: 192.168.1.x, VPN: 192.168.21.x
      Edit: Oh wait a minute, just realized that isn't what you are talking about.  It's the work and local networks that would need to be different also.  I think.

    2. Place the OpenVPN interface at the top of the binding order.
      This was pointed out to me by hero member johnpoz in an earlier thread last week:
      https://forum.pfsense.org/index.php?topic=77421.0

    Good luck.
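
The address overlap described in this thread can be modelled with a routing-table lookup. The following is an added example, not code from either poster or from pfSense. It assumes the "force all traffic" option installs the two /1 routes of OpenVPN's `redirect-gateway def1`; the tunnel gateway 10.0.8.1, the host 192.168.1.10 and the renumbered home subnet 192.168.50.0/24 are constructed values.

```python
import ipaddress

# Constructed client routing table after the VPN connects (not from the thread).
# Assumption: the tunnel contributes the two /1 routes of redirect-gateway def1.
VPN_ROUTES = [
    ("0.0.0.0/1",   "10.0.8.1", "VPN"),   # hypothetical tunnel gateway
    ("128.0.0.0/1", "10.0.8.1", "VPN"),
]

def client_table(home_subnet, home_gateway):
    """Routes a client holds: its own LAN, its default route, plus the VPN routes."""
    return [
        ("0.0.0.0/0", home_gateway, "LAN"),
        (home_subnet, "on-link", "LAN"),   # directly connected, resolved via ARP
    ] + VPN_ROUTES

def select_route(dest, routes):
    """Pick the route the way an IP stack does: longest matching prefix wins."""
    addr = ipaddress.ip_address(dest)
    matches = [(ipaddress.ip_network(net), gw, ifc)
               for net, gw, ifc in routes
               if addr in ipaddress.ip_network(net)]
    return max(matches, key=lambda r: r[0].prefixlen)

def overlaps(home_subnet, office_subnet):
    """True when home and office address space collide."""
    return ipaddress.ip_network(home_subnet).overlaps(
        ipaddress.ip_network(office_subnet))

# Home and office both use 192.168.1.0/24, as in the question.
CONFLICTING = client_table("192.168.1.0/24", "192.168.1.1")
# Home renumbered to a constructed, non-overlapping subnet.
RENUMBERED = client_table("192.168.50.0/24", "192.168.50.1")

if __name__ == "__main__":
    office_host = "192.168.1.10"   # constructed address of the office PC
    for name, table in (("conflicting", CONFLICTING), ("renumbered", RENUMBERED)):
        net, gw, ifc = select_route(office_host, table)
        print(f"{name}: {office_host} -> {net} via {gw} ({ifc})")
    # An Internet address follows the tunnel in both cases.
    print(select_route("203.0.113.7", CONFLICTING))
```

With the conflicting table, the on-link /24 is more specific than either /1 route, so traffic for 192.168.1.10 stays on the home LAN and whatever device holds that address there answers the ping.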

